New bill demands that smartphones have “kill switch” in case of theft

California bill could become a de facto national rule if it passes.

A California state legislator has introduced SB 962, a bill that would require smartphones sold in the state to include a "kill switch" that would "render inoperable" the phone if it's not in the possession of the rightful owner.

California is the largest state in the US, and its laws have in the past become de facto national laws. The now-ubiquitous publication of privacy policies on Internet websites, for instance, is the result of a California state law. The state has also led the nation in areas like rules around auto emissions.

While inclusion of the anti-theft technology would be required, the bill also maintains that consumers who wish to disable it be allowed to do so. The proposed law also requires that the phone be able to "withstand a hard reset," meaning that it can be restored to the condition it was in when it left the factory.

The bill was introduced this morning by State Sen. Mark Leno (D-San Francisco), who says he's responding to the rise of smartphone theft. More than 50 percent of all robberies in San Francisco involve a smartphone, according to law enforcement statistics Leno cites in his bill. Sections of the bill also note that smartphone theft was up 12 percent in Los Angeles in 2012, and nationwide, 113 smartphones are lost or stolen each minute.

"Today we are officially stepping in and requiring the cell phone industry to take the necessary steps to curb violent smartphone thefts and protect the safety of the very consumers they rely upon to support their businesses," said Leno in introducing the bill.

The text of Leno's bill notes that theft hasn't been bad for the bottom line of companies in the industry. The bill cites industry estimates that replacing lost and stolen cell phones was a $30 billion business in 2012, and carriers sold $7.8 billion worth of insurance products in 2013.

Wireless industry trade groups have opposed measures like Leno's in the past. Leno and his allies, including San Francisco District Attorney George Gascón, are hoping this bill will fare better than its predecessors in other states.

“This legislation will require the industry to stop debating the possibility of implementing existing technological theft solutions and begin embracing the inevitability," said Gascón.

164 Reader Comments

Doesn't that already exist on GSM phones? You just need report the phone stolen and both the SIM card and the phone itself even with another sim card will not be able to connect to any tower in the world.

Doesn't that already exist on GSM phones? You just need report the phone stolen and both the SIM card and the phone itself even with another sim card will not be able to connect to any tower in the world.

Presumably, the rightful owner. Now, whether or not that method can be fooled is another question altogether, which would probably need to be addressed with technical measures rather than legislative measures.

I know Windows Phones include the ability to locate, lock, remote wipe, send messages to or ring (even if the ringer is turned off) a lost phone via a web site. I do not believe this feature would survive a reset to initial state as it is tied to a Microsoft user account which would not be present after the reset.

If the intent is to prevent data theft and misuse of customer accounts the current Microsoft scheme seems adequate. If the intent is to make stolen phones worthless to a thief some other method would be more appropriate.. say forcing carriers to share a stolen phones list which they would need to check before activating a phone on their network. This seems less likely to be abused by hackers than some sort of remote kill switch.

Doesn't that already exist on GSM phones? You just need report the phone stolen and both the SIM card and the phone itself even with another sim card will not be able to connect to any tower in the world.

Except on all the US carriers that don't use GSM. Where this is a problem. And where we are talking about.

I don't think phone theft is typically a violent crime, as much as it's a crime of opportunity... but it has historically been a common crime of opportunity, particularly in many crowded cities. What I don't get is why California feels this legislation is even necessary at this juncture, given that (as noted in previous comments in this thread) the Big Three have all already implemented some variation of a kill switch in their respective OSes.

I tend to agree with the notion others have mentioned, that a shared carrier blacklist would be a much more effective solution.

A good idea but... Would it actually alter a mugger's behavior? Even if the mugger knows about the law, he's still going to weigh the criteria by which he selects victims to heavily favor any wearing white (or fancy fuck red) earbuds, because that indicates a certain amount of wealth, which in turn allows the mugger to estimate the value of a mugging.

Of course, one could argue that having a lot of your immediate value locked up in a device that is worth nothing to a thief should reduce the likelihood of someone carrying such a device being mugged. Alas, I fear that expecting the low level criminal element to apply ge theory in their decision-making process is a little overmuch

If this was built differently, I wouldn't have an issue. Say, a tag that can be put on phone boxes and advertising if certain requirements--like remote-kill--are met.

I'm rather uncomfortable with the idea of it being mandated on my phones, and cynical enough to wonder what the actual goal is. Aside from the prior suggestions, I would worry about something like the agreements no-one reads including a bit like "To ensure the security of user data, on termination of contract a kill signal will be sent to the phone". If that happened, so much for reselling phones on eBay, which I'm sure AT&T and VZW hate to see.

I know Windows Phones include the ability to locate, lock, remote wipe, send messages to or ring (even if the ringer is turned off) a lost phone via a web site. I do not believe this feature would survive a reset to initial state as it is tied to a Microsoft user account which would not be present after the reset.

If the intent is to prevent data theft and misuse of customer accounts the current Microsoft scheme seems adequate. If the intent is to make stolen phones worthless to a thief some other method would be more appropriate.. say forcing carriers to share a stolen phones list which they would need to check before activating a phone on their network. This seems less likely to be abused by hackers than some sort of remote kill switch.

The carriers already do that. See all those phones on eBay marked as Bad IMEI or ESN and cannot be activated?

I don't think phone theft is typically a violent crime, as much as it's a crime of opportunity... but it has historically been a common crime of opportunity, particularly in many crowded cities. What I don't get is why California feels this legislation is even necessary at this juncture, given that (as noted in previous comments in this thread) the Big Three have all already implemented some variation of a kill switch in their respective OSes.

I tend to agree with the notion others have mentioned, that a shared carrier blacklist would be a much more effective solution.

Have you ever tried to return a phone that you found? The irony is the cellular providers want nothing to do with getting a phone back to its owner. Over the years, I have returned five phones. Three in person, two left with stores that would take responsibility for the phone. (Tip of the hat to Peets coffee and Trader Joes.) I've never found a locked phone. All but one phone required figuring out the land line of the owner. One phone I found was in the Vegas convention center during CES. The owner kept calling it until someone (me) bother to look behind the screen to see what was ringing.

I know in the case of iPhone, this is already addressed. Not only can you remote wipe the phone if you have set up "Find My iPhone", but at the same time, as of iOS 7, only the owner with the correct account name and password can reset it back to usable state. So a stolen iPhone cannot be re-initialized and used.

Other than the obvious use of killing your phone if it is stolen, wouldn't it also be possible to kill the phone if it falls into the hands of an entity that has been known for its overreach, one such as law enforcement?